-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error updating the NVD Data Caused by NvdApiException: NVD Returned Status Code: 503 #6108
Comments
HTTP 503 is a server-side error, apparently too many are currently hammering the NIST NVD API, causing it to have availability issues. |
OK, same error here. Thanks for the info. Looks like a good candidate for a more useful error message ... |
Joy... looks like the ODC user base might be causing some performance degradation on the NVD API... |
See #6107 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am using a plugin from marketplace of azure devops, this plugin was still working November 20, but unfortunately today I get the following error:
[INFO] Checking for updates
[WARN] An NVD API Key was not provided - it is highly recommended to use an NVD API key as the update can take a VERY long time without an API Key
[INFO] NVD API has 171,363 records in this update
[ERROR] Error updating the NVD Data
org.owasp.dependencycheck.data.update.exception.UpdateException: Error updating the NVD Data
at org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi(NvdApiDataSource.java:336)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.update(NvdApiDataSource.java:110)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:902)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:707)
at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:633)
at org.owasp.dependencycheck.App.runScan(App.java:260)
at org.owasp.dependencycheck.App.run(App.java:192)
at org.owasp.dependencycheck.App.main(App.java:87)
Caused by: io.github.jeremylong.openvulnerability.client.nvd.NvdApiException: NVD Returned Status Code: 503
at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:327)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi(NvdApiDataSource.java:315)
... 7 common frames omitted
[INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
[INFO] Begin database defrag
[INFO] End database defrag (219 ms)
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
*omitted some output
[INFO] In dispose, destroying event queue.
[ERROR] Region [NODEAUDIT] : Not alive and dispose was called, filename: NODEAUDIT
[INFO] In dispose, destroying event queue.
[ERROR] Region [CENTRAL] : Not alive and dispose was called, filename: CENTRAL
[INFO] In dispose, destroying event queue.
[ERROR] Region [POM] : Not alive and dispose was called, filename: POM
[ERROR] One or more fatal errors occurred
[ERROR] Error updating the NVD Data
[ERROR] No documents exist
Version of dependency-check used
The problem occurs using version 9.0.0 of the Azure Devops plugin version 6.1.1
To Reproduce
Steps to reproduce the behavior:
running Azure pipeline using dependency check plugin 6.1.1
The text was updated successfully, but these errors were encountered: